ICMP Echo Request/Reply消息格式
用于检测IP网络连通性的Ping/Tracert,是通过发送ICMP Echo消息实现的。
一、ICMP Echo Request/Reply报文格式
+0------7-------15---------------31
| Type | Code | Checksum |
+--------------------------------+
| Identi| Sequence Number |
+--------------------------------+
| Data |
+--------------------------------+二、ICMP Echo Request/Reply报文格式释义
| 字段 | 长度 | 含义 |
|---|---|---|
| Type | 1字节 | 消息类型:
|
| Code | 1字节 | 消息代码,此处值为0。 |
| Checksum | 2字节 | 检验和,使用和IP相同的加法校验和算法,但是ICMP校验和仅覆盖ICMP报文。 |
| Identifier | 2字节 | 标识符,发送端标示此发送的报文。 |
| Sequence Number | 2字节 | 序列号,发送端发送的报文的顺序号。每发送一次顺序号就加1。 |
| Data | 可变 | 选项数据,是一个可变长的字段,其中包含要返回给发送者的数据。回显应答通常返回与所收到的数据完全相同的数据。 |
三、ICMP请求消息报文示例
Frame 1: 50 bytes on wire (400 bits), 50 bytes captured (400 bits)
Arrival Time: Mar 17, 2015 14:04:15.071870000
Epoch Time: 1426572255.071870000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 50 bytes (400 bits)
Capture Length: 50 bytes (400 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:icmp:data]
[Coloring Rule Name: ICMP]
[Coloring Rule String: icmp || icmpv6]
Ethernet II, Src: 40:f2:e9:2e:b2:5a (40:f2:e9:2e:b2:5a), Dst: PaloAlto_00:01:1a (00:1b:17:00:01:1a)
Destination: PaloAlto_00:01:1a (00:1b:17:00:01:1a)
Address: PaloAlto_00:01:1a (00:1b:17:00:01:1a)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 40:f2:e9:2e:b2:5a (40:f2:e9:2e:b2:5a)
Address: 40:f2:e9:2e:b2:5a (40:f2:e9:2e:b2:5a)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 10.30.129.205 (10.30.129.205), Dst: 10.168.121.153 (10.168.121.153)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 36
Identification: 0x3c81 (15489)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: ICMP (1)
Header checksum: 0x0000 [incorrect, should be 0x962a (maybe caused by "IP checksum offload"?)]
[Good: False]
[Bad: True]
[Expert Info (Error/Checksum): Bad checksum]
[Message: Bad checksum]
[Severity level: Error]
[Group: Checksum]
Source: 10.30.129.205 (10.30.129.205)
Destination: 10.168.121.153 (10.168.121.153)
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0xf3df [correct]
Identifier (BE): 1056 (0x0420)
Identifier (LE): 8196 (0x2004)
Sequence number (BE): 0 (0x0000)
Sequence number (LE): 0 (0x0000)
Data (8 bytes)
Data: 0000000000000000
[Length: 8]
四、ICMP应答消息报文示例
Frame 1: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Arrival Time: Mar 17, 2015 14:04:15.073105000
Epoch Time: 1426572255.073105000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 60 bytes (480 bits)
Capture Length: 60 bytes (480 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:icmp:data]
[Coloring Rule Name: ICMP]
[Coloring Rule String: icmp || icmpv6]
Ethernet II, Src: PaloAlto_00:01:1a (00:1b:17:00:01:1a), Dst: 40:f2:e9:2e:b2:5a (40:f2:e9:2e:b2:5a)
Destination: 40:f2:e9:2e:b2:5a (40:f2:e9:2e:b2:5a)
Address: 40:f2:e9:2e:b2:5a (40:f2:e9:2e:b2:5a)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: PaloAlto_00:01:1a (00:1b:17:00:01:1a)
Address: PaloAlto_00:01:1a (00:1b:17:00:01:1a)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Trailer: 00000000000000000000
Internet Protocol Version 4, Src: 10.168.121.152 (10.168.121.152), Dst: 10.30.129.205 (10.30.129.205)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1100 00.. = Differentiated Services Codepoint: Class Selector 6 (0x30)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 36
Identification: 0x597f (22911)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 253
Protocol: ICMP (1)
Header checksum: 0xfb6c [correct]
[Good: True]
[Bad: False]
Source: 10.168.121.152 (10.168.121.152)
Destination: 10.30.129.205 (10.30.129.205)
Internet Control Message Protocol
Type: 0 (Echo (ping) reply)
Code: 0
Checksum: 0xfbdf [correct]
Identifier (BE): 1056 (0x0420)
Identifier (LE): 8196 (0x2004)
Sequence number (BE): 0 (0x0000)
Sequence number (LE): 0 (0x0000)
Data (8 bytes)
五、ICMP Echo Request/Reply协议栈结构
+-------------------------------+
| ICMP message |
+-------------------------------+
| IP header (Protocol = 0x01) |
+-------------------------------+
| L2 header |
+-------------------------------+
发表评论